tdf#84881: Work in progress: Code to add the timestamp to the signature

Inside #if 0, as the two NSS functions I would want to use aren't exported from libsmime, despite being declared in public headers. Back to the old drawing board. Change-Id: I8b868b4d645a7bbab670e237568c8ff7d97c98cc (cherry picked from commit d1293c666f08963cebb5f1439034dd11634392df)
author: Tor Lillqvist <tml@collabora.com> 2015-02-20 17:31:02 +0200
committer: Andras Timar <andras.timar@collabora.com> 2015-03-05 15:22:55 +0100
commit: 2e1117c6be56423116a2f2cbd935235e547633e7 (patch)
tree: 406f553b41032a0b3271297042dd518efcc66679 /vcl
parent: c277f4f6c6ac3fc64f13134c771f4d8e3f28a14e (diff)
1 files changed, 40 insertions, 4 deletions
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index cfd8b7ddfc4a..8e564e13cf56 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6687,12 +6687,48 @@ bool PDFWriterImpl::finalizeSignature()
         }
 
         SAL_INFO("vcl.pdfwriter", "TimeStampResp received and decoded, status=" << PKIStatusInfoToString(response.status));
-#if 0
+
+#if 0   // SEC_StringToOID() and NSS_CMSSignerInfo_AddUnauthAttr() are
+        // not exported from libsmime, need to think of some other
+        // approach. (As such I don't know if the code below would do
+        // the right thing even if they were.)
+
         NSSCMSAttribute timestamp;
-        timestamp.type = ?
-        if (NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, ) != SECSuccess)
+
+        timestamp.type.type = siBuffer;
+        timestamp.type.data = NULL;
+        timestamp.type.len = 0;
+
+        SECItem values[2];
+        values[0] = response.timeStampToken;
+        values[1].type = siBuffer;
+        values[1].data = NULL;
+        values[1].len = 0;
+
+        SECItem *valuesp = values;
+        timestamp.values = &valuesp;
+
+        SECOidData typetag;
+        typetag.oid.data = NULL;
+        // id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1)
+        // member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+        // smime(16) aa(2) 14 }
+        if (SEC_StringToOID(NULL, &typetag.oid, "1.2.840.113549.1.9.16.14", 0) != SECSuccess)
+        {
+            SAL_WARN("vcl.pdfwriter", "PDF signing: SEC_StringToOID failed");
+            return false;
+        }
+        typetag.offset = SEC_OID_UNKNOWN; // ???
+        typetag.desc = "id-aa-timeStampToken";
+        typetag.mechanism = CKM_INVALID_MECHANISM; // ???
+        typetag.supportedExtension = UNSUPPORTED_CERT_EXTENSION; // ???
+        timestamp.typeTag = &typetag;
+
+        timestamp.encoded = PR_FALSE;
+
+        if (NSS_CMSSignerInfo_AddUnauthAttr(cms_signer, &timestamp) != SECSuccess)
         {
-            SAL_WARN("vcl.pdfwriter", "PDF signing: can't include cert chain.");
+            SAL_WARN("vcl.pdfwriter", "PDF signing: can't add timestamp attribute");
             return false;
         }
 #endif
author	Tor Lillqvist <tml@collabora.com>	2015-02-20 17:31:02 +0200
committer	Andras Timar <andras.timar@collabora.com>	2015-03-05 15:22:55 +0100
commit	2e1117c6be56423116a2f2cbd935235e547633e7 (patch)
tree	406f553b41032a0b3271297042dd518efcc66679 /vcl
parent	c277f4f6c6ac3fc64f13134c771f4d8e3f28a14e (diff)